• ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]

    The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay…

  • Ransomware on ESXi: The Mechanization of Virtualized Attacks

    In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound. Most of the ransomware strands that are attacking ESXi servers nowadays are…

  • WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

    Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). “This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment

  • Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems

    No fewer than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it pulled off the operation by registering over 40 domain names that the backdoors had been designed to use…

  • CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2024-41713 (CVSS score: 9.1) – A path traversal vulnerability in Mitel MiCollab that could allow…

  • Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

    Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. “The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard

  • Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

    It’s time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing…

  • New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities

    Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute command shells, demonstrating a significant evolution. “The…

  • CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said there are no indications that the cyber attack targeting the Treasury Department impacted other federal agencies. The agency said it’s working closely with the Treasury Department and BeyondTrust to get a better understanding of the breach and mitigate its impacts. “The security of federal…

  • India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements

    The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. “Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent,” India’s Press Information Bureau (PIB) said in a statement released Sunday. “Citizens are empowered with rights to demand data…
